Vulnerabilities > ENG > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-28 | CVE-2019-13348 | Insufficiently Protected Credentials vulnerability in ENG Knowage In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. | 4.0 |
| 2019-08-28 | CVE-2019-13189 | Cross-site Scripting vulnerability in ENG Knowage In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | 4.3 |
| 2014-10-08 | CVE-2014-7296 | Code Injection vulnerability in ENG Spagobi 5.0 The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document. | 6.8 |
| 2014-03-09 | CVE-2013-6233 | Cross-Site Scripting vulnerability in ENG Spagobi 4.0 Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata." | 4.3 |